# HG changeset patch
# User Sebastien Decugis <sdecugis@freediameter.net>
# Date 1410426677 -28800
# Node ID 4ca14a36ae666575a12f56d949c56d5f096bec66
# Parent  abf1e51047a113d3e5907a006e59709cee318b86
Add Inband-Security-Id AVP to CEA if the CER contains one even if it is the secure port

diff -r abf1e51047a1 -r 4ca14a36ae66 libfdcore/p_ce.c
--- a/libfdcore/p_ce.c	Mon May 12 00:16:19 2014 +0800
+++ b/libfdcore/p_ce.c	Thu Sep 11 17:11:17 2014 +0800
@@ -950,6 +950,9 @@
 		/* Do not send the ISI IPsec if we are using the new mechanism */
 		if ((isi == PI_SEC_NONE) && (! (peer->p_hdr.info.config.pic_flags.sec & PI_SEC_TLS_OLD)))
 			isi = 0;
+	} else if (peer->p_hdr.info.runtime.pir_isi & PI_SEC_TLS_OLD) {
+		/* Seem some weird peers are sending the Inband-Security-Id AVP on the secure port... No harm */
+		isi = PI_SEC_TLS_OLD;
 	}
 	
 	/* Reply a CEA */